Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
Home»HACKING NEWS»VFAT SICKLE Audit Summary -Ackee Blockchain
HACKING NEWS

VFAT SICKLE Audit Summary -Ackee Blockchain

By Crypto FlexsMay 16, 20254 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
VFAT SICKLE Audit Summary -Ackee Blockchain
Share
Facebook Twitter LinkedIn Pinterest Email

VFAT is a yield Agrigator that uses the Natt Smart Contract Wallet for yield agriculture. Reduce complex tasks such as input and termination, complex or re -adjustment in the position.

VFAT conducted a security review of the VFAT protocol as a total time donation of 18 engineering days in the period between March 4 and March 28, 2025 to participate in Ackee Blockchain Security. Then the second security review focused on modifications of the problem found in the first security review. Other code changes were not thankful.

We are grateful for the optimism that approves subsidies that are partially funded for this and the second audit of VFAT.

methodology

We started reviewing using static analysis tools, including Wake. Then I dive about the logic of the contract.

During the review, we paid special attention later.

  • The arithmetic guarantee of the system is correct.
  • Reinvision detection possible in the code;
  • Safety confirmation of using delegateCall;
  • Access control is not too comfortable or strict.
  • Accuracy confirmation of implementation of the possibility of upgrade; and
  • We are looking for common problems such as data verification.

range

The first audit was performed for the commit. 357593f And the range is as follows:

  • contracts/Automation.sol
  • contracts/ConnectorRegistry.sol
  • contracts/NftSettingsRegistry.sol
  • contracts/PositionSettingsRegistry.sol
  • contracts/Sickle.sol
  • contracts/SickleFactory.sol
  • contracts/SickleRegistry.sol
  • contracts/governance/SickleMultisig.sol
  • contracts/libraries/FeesLib.sol
  • contracts/libraries/NftSettingsLib.sol
  • contracts/libraries/NftTransferLib.sol
  • contracts/libraries/PositionSettingsLib.sol
  • contracts/libraries/SwapLib.sol
  • contracts/libraries/TransferLib.sol

For completeness, we had to review the following parent contracts.

  • base/Admin.sol
  • base/Multicall.sol
  • base/NonDelegateMulticall.sol
  • base/SickleStorage.sol
  • base/TimelockAdmin.sol

The revision review was performed in a given commit. 1c20e7e.

Security discovery classification is determined by two grades. influence and What can be. This two -dimensional classification helps to clarify the seriousness of individual problems. The problem to be evaluated middle It is severe, but the possibility of being found only by the team is generally reduced according to the possibility. wAnnings or menFormational Severe rating.

Our review results have emerged 31 resultsIt ranges from information to seriousness. The most serious discovery H1 allows administrators (malignant or damage) to drain all user wallets. Intermediate severity problem M1 can be executed in full execution. setReferralCode function. Most of the results are warnings that refer to a variety of omissions, code quality issues and exemplary cases.

The second security review was limited to the problems found in the first security review, and no other code change was not appreciated. Twenty problems were solved, three problems were partially fixed, seven problems were recognized, and H1 was invalidated by VFAT. Read more information in the entire audit report linked to the end of the article.

Threshold

There was no important serious problem.

The severity is high

H1: White list callers can perform delegateCall in all humility.

Intermediate

M1: Recommended code setter can be a front run run

Low severity

L1: Non -contract registration agencies can go back

Significance of warning

W1: Incomplete data verification for NFT location

W2: Duplicate bottle search

W3: Potential underflow or overflow of tic range calculation

W4: Variable Shadow

W5: Insufficient data verification PositionSettingsRegistry contract

W6: Incorrect price calculations in POSITSETTINGSREGISTRY

W7: Incorrect use of initialization

W8: Variable name rules

W9: Step 1 ownership transfer

W10: Featokens’ duplicate tokens can lead to inconsistent fee calculations.

W11: ETH and WETH’s inconsistent handling over the Feeslib contract

W12: ambiguous handling of basic value in Swaplib contract

W13: Inheritance with misunderstanding

W14: Input array length validation verification

W15: There is no data verification in the addition and update of the registry

W16: The zero address verification has been missing

Information seriousness

I1: Duplicate Code

I2: Use of magic constant

i3: Definition of unified storage variables

I4: duplicate storage variable

i5: mapping isCustomRegistry Duplicate

I6: Unconsistent functional name rules

i7: Error in the printing of the functional commentary

i8: Odo error name

I9: Unused errors

I10: Duplicate function

I11: Duplicate registry validation has been missing

i12: Error of Document

Trust model

This protocol must trust the manager who controls important parameters (fare, white list, connector update) and automatically running the task on behalf of himself. The user maintains the centralized control point while the user controls the Nat instance and the location settings. Trust risks are partially relaxed through hard -coded limits and multi -IG requirements. However, users must accept the risk of centralized control and potential trading manipulation of automatic devices that can control transaction timing.

conclusion

AcKee Blockchain Security recommends VFAT.

    • Set off chain monitoring for the following purposes M1 find; and
    • Solve all other reports.

You can find the entire VFAT SICKLE audit report of AcKee Blockchain Security. here.

We are pleased to thank VFAT and expect to work again.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Safe smart account audit summary

June 27, 2025

Encryption Inheritance Update: June 2025

June 25, 2025

HyperLend Protocol Thanksgiving Summary -Ackee Blockchain

June 21, 2025
Add A Comment

Comments are closed.

Recent Posts

Circle is looking for a US Trust Bank Charter for USDC Reserve Management.

July 1, 2025

Hyra Network Honored As “Technology Startup Of The Year” At The 2025 Globee® Awards

July 1, 2025

Shheikh.io Launches SHHEIKH Token Presale For Blockchain-Backed Real‑World Asset Investments

June 30, 2025

What should I do with encryption?

June 30, 2025

AAS Miner Will Become The Top Free Cloud Mining Platform For Passive Income From Mining Cryptocurrencies Such As BTC And ETH In 2025

June 30, 2025

Bitcoin is integrated into less than $ 108,000, but the eyes are set for $ 115,000.

June 29, 2025

Etherrium price behavior is weakened-danger of short-term modifications

June 29, 2025

Last Opportunity-The bonus stage of the light chain AI begins after closing all 15 pre-sales stages.

June 29, 2025

Its Important To Know What’s Really Going On?

June 29, 2025

Elon Musk, SpaceX And Crypto Hype: What’s Really Going On?

June 28, 2025

Checkpoint #4: Berlinterop | Ether Leeum Foundation Blog

June 28, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Circle is looking for a US Trust Bank Charter for USDC Reserve Management.

July 1, 2025

Hyra Network Honored As “Technology Startup Of The Year” At The 2025 Globee® Awards

July 1, 2025

Shheikh.io Launches SHHEIKH Token Presale For Blockchain-Backed Real‑World Asset Investments

June 30, 2025
Most Popular

Balaji Srinivasan says Donald Trump should airdrop official Memecoin to his supporters. Here’s why:

January 21, 2025

Animoca Brands secures $10 million in funding to expand Mocaverse with MOCA Coin

November 12, 2024

NFT Market Place Magic Eden acquires SlingShot and expands into multi -chain encryption platforms.

April 10, 2025
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.